As documented by Microsoft KB it is easy to capture crash dump when the application is up and running. However there are cases application crashes during startup. How to capture such crash dump during application startup?
Here are a few ways to achieve the goal.
1. ProcDump
ProcDump support a -x parameter launch a process and then monitor it for exceptions:
-x
Launch the specified image with optional arguments. If it is a Modern Application or Package, ProcDump will start on the next activation (only).
Example:
C:\>procdump -e 1 -f "" -x c:\dumps consume.exe
2. WinDBG
You can install WinDBG on the client machine and then use File – Open Executable to launch the application, press g (Go) and wait for the process to crash then type *.dump /mfh [dump file name] *. Now you have dump file that you can debug.
3. GFlags
If you can't easily start the program under the debugger (for example, if it is actually a Windows service), use gflags to make Windows start the program under the debugger. This will create a subkey for your program filename under the Image File Execution Options registry key.
4. Postmortem debugger
5. WER
If you can't run a debugger, not even ProcDump, you can use Windows' built-in crash dump facility to create a dump automatically:
Starting with Windows Server 2008 and Windows Vista with Service Pack 1 (SP1), Windows Error Reporting (WER) can be configured so that full user-mode dumps are collected and stored locally after a user-mode application crashes. Applications that do their own custom crash reporting, including .NET applications, are not supported by this feature.
http://msdn.microsoft.com/library/windows/desktop/bb787181
6. ADPlus
Monitoring for a certain process to start and to crash:
adplus.exe -crash -pmn notepad -o C:\Dumps
The parameter passed to adplus in –pmn is the name of the process to monitor and the parameter after –o is the directory where the DMP files will be collected.
